A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. It could also open the door to remote code execution (RCE), researchers said.

The flaw (CVE-2020-5135) is a stack-based buffer overflow in the SonicWall Network Security Appliance (NSA). According to researchers who discovered it, the flaw exists within the HTTP/HTTPS service used for product management and SSL VPN remote access.

An unskilled attacker could trigger a persistent denial-of-service condition using an unauthenticated HTTP request involving a custom protocol handler, wrote Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT), in a Tuesday analysis. But the damage could go further.

“VPN bugs are tremendously dangerous for a bunch of reasons,” he told Threatpost. “These systems expose entry points into sensitive networks and there is very little in the way of security introspection tools for system admins to recognize when a breach has occurred. Attackers can breach a VPN and then spend months mapping out a target network before deploying ransomware or making extortion demands.”

Adding insult to injury, this particular flaw exists in a pre-authentication routine, and within a component (SSL VPN) which is typically exposed to the public internet.

“The most notable aspect of this vulnerability is that the VPN portal can be exploited without knowing a username or password,” Young told Threatpost. “It is trivial to force a system to reboot… An attacker can simply send crafted requests to the SonicWALL HTTP(S) service and trigger memory corruption.”

However, he added that a code-execution attack does require a bit more work.

“Tripwire VERT has also confirmed the ability to divert execution flow through stack corruption, indicating that a code-execution exploit is likely feasible,” he wrote, adding in an interview that an attacker would need to also leverage an information leak and a bit of analysis to pull it off.

That said, “If someone takes the time to prepare RCE payloads, they could likely create a sizeable botnet through a worm,” he said.


Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE